Using Clair to scan Docker images for vulnerabilities

Using Clair to scan Docker images within CI pipelines.

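# Codefresh pipeline: build the image, then scan it with Clair (via paclair)
# and record the outcome as metadata on the built image.
version: '1.0'  # straight quotes; typographic quotes would become part of the value
steps:

  Docker-Build:
    title: Building docker image
    type: build
    arguments:
      working_directory: ${{main_clone}}
      dockerfile: docker/Dockerfile
      image_name: '${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}'
      # Same tag the scan step looks up below, so the scanned image is the one
      # just built on every branch (on master this resolves to "master").
      tag: '${{CF_BRANCH_TAG_NORMALIZED}}'
      no_cache: true
    # NOTE(review): this sits beside `arguments`, not under it — confirm Codefresh
    # honours the step-level field when an `arguments` block is also present.
    # Build arguments are passed to the Dockerfile as ARG values; presumably this
    # was meant as the docker `--disable-content-trust` CLI flag, which a build
    # argument does not set — confirm the intent before relying on it.
    build_arguments:
      - disable-content-trust=true

  ScanImage:
    # Scans IMAGE:TAG from the registry; confirm the build result is pushed
    # before this step runs.
    image: codefresh/cfstep-paclair:3.1.0
    environment:
      # Clair endpoint. If this is plain HTTP over a shared network, the registry
      # credentials below (presumably forwarded to Clair) travel unencrypted —
      # prefer an HTTPS URL where possible.
      - CLAIR_URL=${{CLAIR_IP_ADDRESS}}
      # BUILD_IMAGE_NAME is not defined in this file; presumably a pipeline
      # variable — verify it matches image_name above.
      - IMAGE=${{BUILD_IMAGE_NAME}}
      # Credentials come from pipeline variables; keep them encrypted there,
      # never literal in this file.
      - REGISTRY_PASSWORD=${{CLAIR_PASSWORD}}
      - REGISTRY_USERNAME=${{CLAIR_USERNAME}}
      - TAG=${{CF_BRANCH_TAG_NORMALIZED}}
      # Only findings at or above this severity fail the step; anything rated
      # High or below still passes. Lower it if policy requires.
      - SEVERITY_THRESHOLD=critical
    on_success:
      metadata:
        set:
          - ${{Docker-Build.imageId}}:
              - CLAIR_SECURITY: true
              - CF_QUALITY: true
              - promoted: true
              # - coverage : 85%
    on_fail:
      metadata:
        set:
          - ${{Docker-Build.imageId}}:
              - CLAIR_SECURITY: false
              - CF_QUALITY: false
              # NOTE(review): `promoted` is not reset here; if image metadata
              # persists across runs, a failing re-scan leaves an earlier
              # `promoted: true` in place — consider setting it to false.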